feat(client-eks): Release for EKS Pod Identity Cross Account feature and disableSessionTags flag.

Author: awstools

clients/client-eks/src/commands/CreateClusterCommand.ts

@@ -45,7 +45,9 @@ export interface CreateClusterCommandOutput extends CreateClusterResponse, __Met
  *          <p>You can use the <code>endpointPublicAccess</code> and
  *                 <code>endpointPrivateAccess</code> parameters to enable or disable public and
  *             private access to your cluster's Kubernetes API server endpoint. By default, public access is
- *             enabled, and private access is disabled. For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html">Amazon EKS Cluster
+ *             enabled, and private access is disabled. The
+ *             endpoint domain name and IP address family depends on the value of the
+ *             <code>ipFamily</code> for the cluster. For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html">Amazon EKS Cluster
  *                 Endpoint Access Control</a> in the <i>
  *                <i>Amazon EKS User Guide</i>
  *             </i>. </p>

clients/client-eks/src/commands/CreatePodIdentityAssociationCommand.ts

@@ -35,15 +35,27 @@ export interface CreatePodIdentityAssociationCommandOutput
 /**
  * <p>Creates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role
  *             with <i>EKS Pod Identity</i>. Use EKS Pod Identity to give temporary IAM credentials to
- *             pods and the credentials are rotated automatically.</p>
+ *             Pods and the credentials are rotated automatically.</p>
  *          <p>Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.</p>
- *          <p>If a pod uses a service account that has an association, Amazon EKS sets environment variables
- *             in the containers of the pod. The environment variables configure the Amazon Web Services SDKs,
+ *          <p>If a Pod uses a service account that has an association, Amazon EKS sets environment variables
+ *             in the containers of the Pod. The environment variables configure the Amazon Web Services SDKs,
  *             including the Command Line Interface, to use the EKS Pod Identity credentials.</p>
- *          <p>Pod Identity is a simpler method than <i>IAM roles for service
+ *          <p>EKS Pod Identity is a simpler method than <i>IAM roles for service
  *                 accounts</i>, as this method doesn't use OIDC identity providers.
- *             Additionally, you can configure a role for Pod Identity once, and reuse it across
+ *             Additionally, you can configure a role for EKS Pod Identity once, and reuse it across
  *             clusters.</p>
+ *          <p>Similar to Amazon Web Services IAM behavior, EKS Pod Identity associations are eventually consistent,
+ *             and may take several seconds to be effective after the initial API call returns
+ *             successfully. You must design your applications to account for these potential delays.
+ *             We recommend that you don’t include association create/updates in the
+ *             critical, high-availability code paths of your application. Instead, make changes in a
+ *             separate initialization or setup routine that you run less frequently.</p>
+ *          <p>You can set a <i>target IAM role</i> in the same or a different
+ *             account for advanced scenarios. With a target role, EKS Pod Identity automatically performs two
+ *             role assumptions in sequence: first assuming the role in the association that is in this
+ *             account, then using those credentials to assume the target IAM role. This process
+ *             provides your Pod with temporary credentials that have the permissions defined in the
+ *             target role, allowing secure access to resources in another Amazon Web Services account.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -59,6 +71,8 @@ export interface CreatePodIdentityAssociationCommandOutput
  *   tags: { // TagMap
  *     "<keys>": "STRING_VALUE",
  *   },
+ *   disableSessionTags: true || false,
+ *   targetRoleArn: "STRING_VALUE",
  * };
  * const command = new CreatePodIdentityAssociationCommand(input);
  * const response = await client.send(command);
@@ -76,6 +90,9 @@ export interface CreatePodIdentityAssociationCommandOutput
  * //     createdAt: new Date("TIMESTAMP"),
  * //     modifiedAt: new Date("TIMESTAMP"),
  * //     ownerArn: "STRING_VALUE",
+ * //     disableSessionTags: true || false,
+ * //     targetRoleArn: "STRING_VALUE",
+ * //     externalId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-eks/src/commands/DeletePodIdentityAssociationCommand.ts

@@ -61,6 +61,9 @@ export interface DeletePodIdentityAssociationCommandOutput
  * //     createdAt: new Date("TIMESTAMP"),
  * //     modifiedAt: new Date("TIMESTAMP"),
  * //     ownerArn: "STRING_VALUE",
+ * //     disableSessionTags: true || false,
+ * //     targetRoleArn: "STRING_VALUE",
+ * //     externalId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-eks/src/commands/DescribePodIdentityAssociationCommand.ts

@@ -64,6 +64,9 @@ export interface DescribePodIdentityAssociationCommandOutput
  * //     createdAt: new Date("TIMESTAMP"),
  * //     modifiedAt: new Date("TIMESTAMP"),
  * //     ownerArn: "STRING_VALUE",
+ * //     disableSessionTags: true || false,
+ * //     targetRoleArn: "STRING_VALUE",
+ * //     externalId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-eks/src/commands/UpdateClusterConfigCommand.ts

@@ -48,8 +48,8 @@ export interface UpdateClusterConfigCommandOutput extends UpdateClusterConfigRes
  *             <li>
  *                <p>You can also use this API operation to enable or disable public and private
  *                     access to your cluster's Kubernetes API server endpoint. By default, public access is
- *                     enabled, and private access is disabled. For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html">Amazon EKS
- *                         cluster endpoint access control</a> in the
+ *                     enabled, and private access is disabled. For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html">
+ *                         Cluster API server endpoint</a> in the
  *                         <i>
  *                      <i>Amazon EKS User Guide</i>
  *                   </i>.</p>

clients/client-eks/src/commands/UpdatePodIdentityAssociationCommand.ts

@@ -33,10 +33,23 @@ export interface UpdatePodIdentityAssociationCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Updates a EKS Pod Identity association. Only the IAM role can be changed; an association can't be moved
+ * <p>Updates a EKS Pod Identity association. In an update, you can change the IAM role, the target IAM role, or <code>disableSessionTags</code>.
+ *             You must change at least one of these in an update. An association can't be moved
  *             between clusters, namespaces, or service accounts. If you need to edit the namespace
  *             or service account, you need to delete the association and then create a new
  *             association with your desired settings.</p>
+ *          <p>Similar to Amazon Web Services IAM behavior, EKS Pod Identity associations are eventually consistent,
+ *             and may take several seconds to be effective after the initial API call returns
+ *             successfully. You must design your applications to account for these potential delays.
+ *             We recommend that you don’t include association create/updates in the
+ *             critical, high-availability code paths of your application. Instead, make changes in a
+ *             separate initialization or setup routine that you run less frequently.</p>
+ *          <p>You can set a <i>target IAM role</i> in the same or a different
+ *             account for advanced scenarios. With a target role, EKS Pod Identity automatically performs two
+ *             role assumptions in sequence: first assuming the role in the association that is in this
+ *             account, then using those credentials to assume the target IAM role. This process
+ *             provides your Pod with temporary credentials that have the permissions defined in the
+ *             target role, allowing secure access to resources in another Amazon Web Services account.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -48,6 +61,8 @@ export interface UpdatePodIdentityAssociationCommandOutput
  *   associationId: "STRING_VALUE", // required
  *   roleArn: "STRING_VALUE",
  *   clientRequestToken: "STRING_VALUE",
+ *   disableSessionTags: true || false,
+ *   targetRoleArn: "STRING_VALUE",
  * };
  * const command = new UpdatePodIdentityAssociationCommand(input);
  * const response = await client.send(command);
@@ -65,6 +80,9 @@ export interface UpdatePodIdentityAssociationCommandOutput
  * //     createdAt: new Date("TIMESTAMP"),
  * //     modifiedAt: new Date("TIMESTAMP"),
  * //     ownerArn: "STRING_VALUE",
+ * //     disableSessionTags: true || false,
+ * //     targetRoleArn: "STRING_VALUE",
+ * //     externalId: "STRING_VALUE",
  * //   },
  * // };
  *